Uber fills 'critical' role of chief privacy officer

Uber just hired its first chief privacy officer, filling a significant void in the senior leadership at the most valuable privately held startup in the US.

Naming Ruby Zefo to the role "fills a critical global role responsible for the development and implementation of privacy standards, procedures, and processes in every market where we operate," Tony West, Uber's chief legal officer, told employees in an email Wednesday.

In a parallel move, West also announced that Simon Hania will be Uber's first data protection officer, filling a position required under the EU's General Data Protection Regulation. Hania will oversee Uber's compliance with EU data protection laws. Simon comes to Uber from Dutch transportation company TomTom, where he was as VP of privacy and security, and will work in Amsterdam.

The two additions come as CEO Dara Khosrowshahi, who has been at the helm for less than one year, continues cleaning up Uber's past missteps. Beyond being embroiled in allegations of sexual discrimination and harassment, the company has faced scrutiny over how it handles consumer data.

In April, Uber settled a case with the Federal Trade Commission, which investigated claims that the ride-share company deceived customers about a 2016 breach in which hackers stole the personal information of 57 million users.

The breach wasn't disclosed until late 2017, when Uber revealed that it paid the hackers $100,000 to destroy the data. As part of the settlement, Uber agreed to notify the FTC in the event of a data breach. Khosrowshahi, who joined Uber in late August, said he launched an investigation into why the company didn't alert authorities or consumers.

The company settled a 2014 data breach case with the FTC, as well.

Zefo, who also serves on the board for the International Association of Privacy Professionals, will start at Uber on August 6. Privacy experts applauded the hire.

"It's surprising to me that this company, which has had such high profile privacy failures and is sitting on such a large body of personal data had yet to hire a CPO or face significant public pressure to do so," said Woodrow Hartzog, a law and computer science professor at Northeastern University.

But Albert Gidari, consulting director of privacy at the Stanford Center for Internet and Society, said it's not unusual to see a tech company without a CPO.

"While there have been some very public mistakes, like many tech companies, [Uber] seems to have learned, albeit the hard way, to invest in a serious privacy and security infrastructure," Gidari said. "It is important for the CPO to be in the "C" suite, and Uber has made a serious hire with Ruby Zefo and Simon Hania."

While Uber has had privacy professionals at the company throughout the years, it started working toward hiring a chief privacy officer even before Khosrowshahi came aboard, an Uber spokesperson told CNNMoney.